In the ever-shifting landscape of enterprise technology, it has become increasingly clear during the past few years that on-premises software deployments are heading for the door—and not necessarily by customer choice. As I’ve observed time and again, the balance of power has shifted from buyers to vendors, and nowhere is this more evident than in the changes sweeping through the software-as-a-service (SaaS) arena. The latest move from Epicor, long known for its strong ties to clients in the manufacturing and distribution sector, should leave no one in doubt: The era of on-premises enterprise resource planning (ERP) is drawing to a close, and vendors are now in the driver’s seat.

Epicor’s recent announcement sets a defined sunset period for its on-prem releases of Kinetic, Prophet 21, and BisTrack. After years of signaling a cloud-first future, Epicor has made it official: Customers relying on legacy versions will need to move to Epicor Cloud (its SaaS platform hosted on Microsoft Azure) if they want access to innovation, new features, or even long-term support. There are some phased timelines for continued support, but the direction is unmistakable.

This isn’t a move driven by customer demand. It represents the culmination of long-standing vendor priorities: SaaS is less expensive to support, is easier to secure and update centrally, and is a much simpler model when it comes to rolling out AI-powered features and analytics. As an architect who has spent decades advising large organizations through technology shifts, I certainly understand the allure for vendors. Managing a single, cloud-based code base instead of multiple on-prem versions can cut costs dramatically and accelerate upgrades and fixes. For Epicor and nearly every other software company I track, centralization is now the name of the game.

Vendor benefits aren’t buyer benefits

I first heard about Epicor’s decision when one of my long-time clients, a company for whom ERP reliability is mission-critical, reached out with deep concerns. Like so many others, they’re being pushed into the cloud not by positive business drivers, but by the withdrawal of the on-premises option. Their worries are far from theoretical. Just last year, major outages reminded us that the cloud, for all its strengths, is no panacea for risk. Add legitimate worries about latency, compliance, and new security models, and it’s clear that this transition creates anxiety right alongside opportunity.

Let’s be clear about what’s motivating this trend. For Epicor and its peers, moving to SaaS means they can focus their resources, lower support costs, accelerate innovation, and simplify patching, security, and integrations. With Epicor Cloud, for example, every customer runs the same core code, patches are pushed universally, and operating expenses fall as a result. It’s a sound business strategy for vendors to gain recurring revenue, less version sprawl, and a more streamlined engineering organization.

That efficiency often comes at the expense of customer choice. Enterprises are asked to cede infrastructure control, accept new dependencies, and trust that the vendor-managed environment will meet all their requirements for security, latency, uptime, and regulatory compliance—sometimes with only limited visibility or contractual recourse. For organizations that selected on-prem software precisely because of their unique needs, this is a seismic change that can’t be solved by simply “lifting and shifting” their applications.

What to do if a vendor goes SaaS-only

Transitioning to a vendor-managed SaaS solution isn’t simply a technical migration; it’s a shift in risk, responsibility, and, often, vendor relationship dynamics. Here are five things every enterprise should do if a software provider eliminates on-prem options:

First, scrutinize compliance and regulatory issues in detail. Moving to a SaaS-based ERP managed by your vendor (running it on infrastructure you didn’t choose—like Microsoft Azure) means that your compliance posture changes overnight. You need to ask tough questions:

• Does the SaaS provider offer transparency on data residency?
• Are all compliance obligations addressed in the contract
• What are the penalties or remedies if there are problems?
• If you’re in a tightly regulated industry, does the SaaS environment support regional or sovereign cloud options?
• Does your current compliance status automatically carry over? Don’t assume it will. Demand specifics and supporting evidence.

Second, rigorously test for performance and latency impacts before going live. SaaS centralizes services, often far from your physical location or core operational regions. Conduct benchmarks using real-world workloads and user locations, not just vendor-provided averages. If you have shop-floor automation or latency-sensitive workflows, even small delays can ripple through production. Ask for data on service location, network path, and real-world latency. Your vendor should be able to provide performance service-level agreements. If not, press them on the details.

Third, evaluate the new support model. Vendor-led SaaS support can be both a blessing and a curse. Although you might get improved ticket response and universal updates, you lose the ability to self-manage outages or roll back changes. You’ll need to ask about:

• How quickly will the vendor respond to your issues?
• What escalation paths exist if downtime occurs?
• What are the remedies if vendor upgrades break custom integrations?
• How will the vendor communicate with you regarding incident response times and levels of support, particularly for business-critical processes?

Fourth, assess the deeper risks of putting your core data and business processes on an external cloud managed by a third party. Be proactive in contract negotiations and seek for guaranteed data access in worst-case scenarios. Also, find out:

• How does the vendor handle data isolation?
• What are your options for backup and disaster recovery outside their walled garden?
• In the event of a prolonged cloud provider outage, such as we saw last year, what operational continuity measures are in place?
• Is the vendor offering clear recovery time objectives (RTOs) and recovery point objectives (RPOs)?

Finally, always consider alternatives and plan an exit strategy. If the vendor’s SaaS model simply cannot meet key requirements—whether for compliance, latency, or control—it’s time to decide if the relationship should continue. Market offerings such as hybrid or specialized SaaS providers, managed private clouds, or open source ERP solutions may offer a better fit for niche cases. If you proceed with the SaaS transition, make sure you can get your data out in standard formats, with contractual guarantees to support migration should you need to change direction in the future.

New skills and new vigilance

Epicor (and many other software vendors) is betting that enough customers will accept the trade-offs for the benefits of simplicity, speed, and SaaS-enabled innovation, especially as the costs and overhead of on-prem maintenance continue to rise. But for those who justifiably worry about the loss of control and new risk models, this transition will demand rigorous contract negotiation, tighter governance, and a willingness to explore new architectures or even new providers.

Enterprises must approach this new reality with clear eyes and strong questions. SaaS can be a win for both sides, but only if risk is managed, compliance is guaranteed, and business-critical processes won’t be left to the mercy of a single vendor or cloud provider. In this new era, success will not go to the bold or the cautious, but to the best prepared.